Allow sidecar containers to access RestoreSessions

controllers/backupconfiguration_controller_helpers.go

@@ -379,13 +379,18 @@ func (r *BackupConfigurationReconciler) createRBACSidecar(sa corev1.ServiceAccou
 				rbacv1.PolicyRule{
 					Verbs:     []string{"get", "list", "watch"},
 					APIGroups: []string{"formol.desmojim.fr"},
-					Resources: []string{"backupsessions", "backupconfigurations", "functions", "repos"},
+					Resources: []string{"restoresessions", "backupsessions", "backupconfigurations", "functions", "repos"},
 				},
 				rbacv1.PolicyRule{
 					Verbs:     []string{"get", "list", "watch", "create", "update", "patch", "delete"},
 					APIGroups: []string{"formol.desmojim.fr"},
 					Resources: []string{"backupsessions/status"},
 				},
+				rbacv1.PolicyRule{
+					Verbs:     []string{"get", "list", "watch", "create", "update", "patch", "delete"},
+					APIGroups: []string{"formol.desmojim.fr"},
+					Resources: []string{"restoresessions/status"},
+				},
 			},
 		}
 		r.Log.V(0).Info("Creating formol sidecar role", "role", role)

test/00-setup.yaml

@@ -68,5 +68,5 @@ metadata:
   namespace: demo
 data:
   RESTIC_PASSWORD: bHIyOXhtOTU=
-  AWS_ACCESS_KEY_ID: OWFTSXZBSEVzWlNVMmkyTU9zVGxWSk1lL1NjPQ==
-  AWS_SECRET_ACCESS_KEY: WVN5ck9ncVllcjBWNFNLdlVOcmx2OGhjTllhZGZuN2xaNjBIaXRlL3djWT0=
+  AWS_ACCESS_KEY_ID: SjV4V2NqQ2RzckxpZ2lEZA==
+  AWS_SECRET_ACCESS_KEY: OVdBMnN1djVtanRLRTdnMkRjNWl5WWtkbDNobGV5UU8=

test/02-backupconf.yaml

@@ -18,8 +18,8 @@ metadata:
 spec:
   backend:
     s3:
-      server: raid5.desmojim.fr:9000
-      bucket: testbucket2
+      server: minio-svc.minio:9000
+      bucket: backups
   repositorySecrets: secret-minio
 ---
 apiVersion: formol.desmojim.fr/v1alpha1
@@ -106,7 +106,7 @@ metadata:
 spec:
   suspend: true
   image: desmo999r/formolcli:latest
-  repository: repo-local
+  repository: repo-minio
   schedule: "15 * * * *"
   keep:
     last: 5